I'm seeking a list of all kernel configuration items, modules, tarballs, etc., containing Trusted Computing or Digital Rights Management, that have been added to the Linux kernel so far.
Anyone have such a list, able to refer me to a site providing one, or can offer any assistance?

My first reaction was that no such thing exists.
DRM and TCP are by their nature non-open, so would not be compatible with the GPL.
But I was intrigued and found this link:
on TPMDRM is also possible, apparently by using external keys (which are not in the kernel) with GPL code for accessing them.
It all gets rather complex.

The sig between the asterisks is so cool that only REALLY COOL people can even see it!

Dutch_Master wrote:Just a counter question: why do you need that? I hope the entertainment industry doesn't expect us to hand them a list of everything they believe to be infringing their perceived rights?

If I am to replace XP Pro with Linux, the OS must be DRM-free. Was told Linux is DRM-free, but Google research has proven this false. Still I'm not yet ready to give up on Linux, as more research shows it can be made DRM-free. Process looks to be:
1. Find out exactly what DRM crud has entered the kernel, what its called, and where its located.
2. Learn whatever is required to erase this crud.
In other words, find and identify the targets...then delete them.
I'm a newbie. Never used Linux. Only know what I've found doing load of Google searches. I want a DRM-free OS and want it to be Linux, but I'm way over my head with this, and need help. Probably a lot of help!

wyliecoyoteuk wrote:My first reaction was that no such thing exists.DRM and TCP are by their nature non-open, so would not be compatible with the GPL.But I was intrigued and found this link:on TPMDRM is also possible, apparently by using external keys (which are not in the kernel) with GPL code for accessing them.It all gets rather complex.

Google :
Linux: CONFIG_INTEL_TXT
This is the first nasty I found actually in the kernel....there is a lot more; some are kernel configuration items, some in the distros themselves, some in tarballs, etc. As a newbie, I cannot tell one from another. If you can, I'll provide list of what I found so far. Yes, DRM was designed to be complex.

Lots of things have found their way into the kernel and most distro's do not put every possible module into their default kernel that and several distros have no non-free policies that means that anything that is not GPL in not used.

What you should realise is that the Kernel itself is DRM free.
DRM keys are incompatible with the GPL.
However, drivers can be added to the kernel that allow external DRM mechanisms to function. So theoretically, for example, DRM protected media can be played without breaking the law.
This in itself does not mean that the kernel contains DRM.
The case with TCP and DEP is the same:they are just drivers for external modules that implement the functions.
I doubt that many of the freely distributable distros actually contain any of this code, simply because they would have to license it.

Proprietary Distros such as RedHat or Oracle may well do so.

The sig between the asterisks is so cool that only REALLY COOL people can even see it!

Rhakios wrote:Juts beware of the fact that DRM also stands for Direct Rendering Manager, which is what I expect is the case for anything to do with Intel graphics.

Yes, I ran into this problem early on. Put in some time looking over Direct Rendering Manager make-up, and have to say some of it looks suspicious to me, but as a newbie, I can't tell for sure without intensive research, and right now I'm focused on the kernel. Hopefully will revisit this topic later. Speaking of the kernel, CONFIG_INTEL_TXT and apparently CONFIG_HAVE_INTEL_TXT was incorporated into the kernel as of 2.6.32 version. Also found mention of a 'TrustedGRUB', 'tboot.h', &
'TrouSerS' (not sure its location). As said, having trouble separating stuff ...is it in the kernel configuration items, kernel header files, packages, modules, tar balls, repositories, etc.? A maze for a newbie!

Anyway, I'm hoping you all are interested enough in this topic to help me with it, cause a lot of this stuff is way over my head.

I that think your DRM paranoia is a little OTT.
I suppose that it depends how you define DRM.
The kernel does not contain DRM, but there are non free drivers and optional security measures.
CONFIG_INTEL_TXT , for example, is a security device which can be used to prevent changes to the kernel for security reasons. This is mainly intended for commercial implementations (i.e company servers), and requires an external program to implement it.
BUT the capability is actually built in to the hardware regardless, so you would need to boycott Intel processors to actually avoid it altogether.
Many of these tools could be misused if they were not optional, but outcry has seen that the option for the user to disable them remains.
UEFI secure boot is an example, It will be used on corporate servers, because it is a useful security tool, (which is why RedHat have opted for it) and on WindowsRT mobile devices, which is more controversial.

The sig between the asterisks is so cool that only REALLY COOL people can even see it!

lok1950 wrote:Lots of things have found their way into the kernel and most distro's do not put every possible module into their default kernel that and several distros have no non-free policies that means that anything that is not GPL in not used.

Enjoy the Choice

Thanks for your comment. Can you list those distros that "have no non-free policies"? That might be a big help. Been researching at Distrowatch and similar sites for months, and while I've found distros that crow about being DRMed to infinity (like Trusted Gentoo), I have yet to find even one that brags about being DRM-free!

You bring up an interesting question about the kernel, in that I've been unable to find out just how many versions there really are. Any idea? I'm hoping at least one version is 100% DRM free, but not sure how to track down such a critter. Advice?

wyliecoyoteuk wrote:What you should realise is that the Kernel itself is DRM free.DRM keys are incompatible with the GPL.However, drivers can be added to the kernel that allow external DRM mechanisms to function. So theoretically, for example, DRM protected media can be played without breaking the law.This in itself does not mean that the kernel contains DRM.The case with TCP and DEP is the same:they are just drivers for external modules that implement the functions.I doubt that many of the freely distributable distros actually contain any of this code, simply because they would have to license it.

Proprietary Distros such as RedHat or Oracle may well do so.

"DRM and TCP...would not be compatible with the GPL."Looks like Stallman agrees with you.
Google Search:
Can you trust your computer? GNU Project
Torvalds seem to have different idea.
Google Search:
LKML: Linus Torvalds: Flame Linus to a crisp!
Linux founder opens door to DRM - CNET News
Linus Torvalds: "No GPL 3 for Linux"
and unfortunately most seem to agree with Torvalds idea.
Google Search:
Trusted Computing and Linux - 2005 Linux Symposium
OLS: Linux and trusted computing [LWN.net]
Enabling DRM in the kernel? [LWN.net]
A fight against evil or a fight for attention - Linux Journal
How DRM prepared the way for Xen/VMware
Linux and TPM - The H Open Source

"drivers can be added to the kernel that allow DRM mechanisms to function." "This in itself does not mean that the kernel contains DRM."I guess we have far different views on DRM, as I do not distinguish between software DRM and hardware DRM, as both are but two sides of the same wooden nickle. In XP Pro, software nasties like COPP driver, WM-DRM, etc., interlock with hardware nasties like HDCP, and either enable, support or harden it. Saying that COPP is not part of DRM is like saying that DRM has nothing to do with HDCP. Its like claiming that the 'getaway-driver' of bank robbers has no responsibility for whatever happens within the bank. The word that comes to mind is 'accomplice'. So I'd have to disagree with your assessment:

"What you should realize is that the kernel itself is DRM free."If said kernel contains anything (call it driver, module, tar ball, or whatever) that supports, enables or hardens hardware DRM, then that is software-based DRM, and the kernel definitely appears infected to me.
Google Search:
Linux Kernel Documentation:: intel_txt.txt - mjmwired
Linux kernel Driver Database: CONFIG_INTEL_TXT
SourceForge.net: linux.ima
Integrity management in the kernel - LWN.net
There's lots of other citations, but I won't bore you to death.
The point being whatever you want to call these bits & pieces of code (or whatever) they are in the kernel. Secondly, whether you view them as harmless or not, I'd like to find a list of them so I can eradicate them (once I learn how).

Your biggest mistake is to regard any hardware linked security measures as DRM.
As a sysadmin, being able to certify that my kernel is not tampered with is very important.
As a consumer, I would not be so worried.
Most freely distributable Distros probably do not contain much, if any of the code, that you resent.
However, even if you clear the Kernel, you cannot remove it from the hardware that you use.
HDCP is not supported under Linux, for example, and is largely irrelevant unless you want to play protected media such as Blu-ray disks.

I wish you luck with your investigations.

By the way, there is only one current version of the kernel, although it may be compiled differently by different distros to add or remove different functions. You can always compile your own from the source code and leave out all the stuff that you don't want.

Last edited by wyliecoyoteuk on Thu Jun 14, 2012 11:26 pm, edited 1 time in total.

The sig between the asterisks is so cool that only REALLY COOL people can even see it!